In a recent support alert issued by IBM, the company noted that some USB drives that shipped with its Storwize systems contained malicious code.
IBM accidentally shipped USB drives infected with malware to some customers, the company noted in a support advisory post. The drives contained an initialization tool for some of its Storwize systems, the post stated.
IBM customers who received a USB flash drive with the part number 01AC585 should either destroy the drive so that it cannot be reused, the post said, or follow the steps listed in the post to repair the drive. Affected drives were shipped with the following Storwize systems:
- IBM Storwize V3500 - 2071 models 02A and 10A
- IBM Storwize V3700 - 2072 models 12C, 24C, and 2DC
- IBM Storwize V5000 - 2077 models 12C and 24C
- IBM Storwize V5000 - 2078 models 12C and 24C
SEE: Information security incident reporting policy template (Tech Pro Research)
If the serial number on a Storwize system starts with the characters 78D2, it isn't shouldn't be affected by the issue, the post said.
So, what does the infected drive actually do to a system? "When the initialization tool is launched from the USB flash drive, the tool copies itself to a temporary folder on the hard drive of the desktop or laptop during normal operation," the IBM post said.
Then, a malicious file is copied to a temporary folder called %TMP%\initTool on Windows or /tmp/initTool on Linux or Mac. It is important to note that, while the file is copied onto a machine, it isn't actually executed during the initialization process, the post also said.
As reported by ZDNet's Danny Palmer, the malware was listed by Kaspersky lab as a member of the Reconyc Trojan malware family, which is primarily used in Russia and India.
If a user has already inserted the USB drive and run the initialization, IBM recommends making sure that their antivirus software is up to date and running a scan of their system. Or, a user can manually delete the temporary directory listed above to remove the malicious file.
Unfortunately, this isn't the first time IBM has distributed infected USB drives. In 2010, at the AusCERT conference in Australia, the company handed out free USB drives that were infected with malware to attendees who visited their booth.
The 3 big takeaways for TechRepublic readers
- IBM recently shipped USB drives containing malicious code with some of its Storwize systems.
- The drives contained an initialization tool for the system, but also a form of the Reconyc Trojan malware.
- USB drives with the part number 01AC585 are affected and should be destroyed or repaired, IBM said.
- 'Invisible' malware hidden in trusted software, infiltrating enterprises worldwide (TechRepublic)
- IBM warns of malware on USB drives shipped to customers (ZDNet)
- Five free anti-malware products to safeguard your PC (TechRepublic)
- New Mac malware spies on your web traffic (ZDNet)
- IBM: We distributed malware-ridden USB drives (CNET)